Hi, sorry for the late answer. I'm not sure I understand you correctly. Imagine the following case:

void newFrontendRequest() {
  var subject = SecurityUtils.getSubject();
  someMethodThatTakesFiveHoursToComplete();
  var principal = subject.getPrincipal();
  ...
}

This will blow up on the `getPrincipal` line because this subject's session has expired and is no longer valid. My question is how to handle something like that. Of course in my case things are much more complex, the code is not synchronous, the `getPrincipal` call is not directly after the long-running operation, etc.

Thanks!

On 2/17/23 21:01, [email protected] wrote:
Jakarta Batch or MicroProfile Long-Running Actions are some of the best practices implementations you are looking for.

On Feb 17, 2023, at 6:33 AM, Arthur Okeke <[email protected]> wrote:

Since the subject is authenticated at the point you reach the backend, then maybe you can use some kind of impersonation, i.e. a backend job runs the long-running process on behalf of the subject.

On Fri 17. Feb 2023 at 09:52, Boris Petrov <[email protected]> wrote:

    OK, thanks for the answer. But in that case how would I handle the
    following case - a request is made from the frontend with some
    authenticated subject. I want to trigger some long-running process and
    do something that requires a valid session after that. The long-running
    process is in a chain of asynchronous stuff and I don't know where it
    will "end" so I can log-out the subject. What are the best practices for
    something like that?

    On 2/16/23 19:13, [email protected] wrote:
    > I would not recommend it. Unless the Subject is logged out, the session would not be garbage collected.
    > Technically this is possible if every subject is 'sure' to be logged out, but that's unrealistic in a web application.
    >
    >> On Feb 16, 2023, at 8:01 AM, Boris Petrov <[email protected]> wrote:
    >>
    >> Hi all,
    >>
    >> I'm wondering is it "safe" to call `setTimeout(-1);` on a Shiro session. That is, after I do that, is that a memory leak? Whenever the `Subject` of that `Session` is GC'd, will the session also be invalidated and removed from the session-manager or that must be done manually? Thanks!
    >>
    >> Regards,
    >> Boris
    >>
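
One way to run a long job "on behalf of the subject" without `setTimeout(-1)`, as an added example that is not code from any participant in this thread or from the Shiro project: snapshot the `PrincipalCollection` while the session is valid, then authorize against the `SecurityManager` directly when the job finishes. It assumes shiro-core on the classpath; the class name, in-memory realm, account, role name and timings are constructed for illustration.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

import java.util.concurrent.CompletableFuture;

public class SnapshotPrincipalsDemo {

    // Long-running work that holds only the identity snapshot, never the Subject or its session.
    static String longRunningJob(PrincipalCollection who) throws InterruptedException {
        Thread.sleep(300); // constructed stand-in for the five-hour operation
        // Re-check authorization against the realm when the work finishes; no session is touched.
        SecurityUtils.getSecurityManager().checkRole(who, "operator");
        return "finished for " + who.getPrimaryPrincipal();
    }

    public static void main(String[] args) throws Exception {
        // Constructed in-memory realm and account so the example runs offline.
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "constructed-password", "operator");
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));

        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken("alice", "constructed-password"));

        // Snapshot the identity while the session is still valid.
        PrincipalCollection who = subject.getPrincipals();
        subject.getSession().setTimeout(100); // 100 ms, so the session expires during the job

        CompletableFuture<String> job = CompletableFuture.supplyAsync(() -> {
            try { return longRunningJob(who); }
            catch (InterruptedException e) { throw new IllegalStateException(e); }
        });
        System.out.println(job.get());

        try {
            // The call this thread reports as failing once the session has expired.
            System.out.println("live subject: " + subject.getPrincipal());
        } catch (InvalidSessionException e) {
            System.out.println("live subject unusable: " + e.getClass().getSimpleName());
        }
    }
}
```

The session keeps its normal timeout, and the role check at the end of the job reflects what the realm grants at that moment rather than at request time.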
